#
# SignPlugin.pri
#
# Sample project include file to sign a LCDHost plugin using
# the SignPlugin executable in command line mode.
#
# Why you should bother:
#
#  * First, this isn't supposed to be hack-proof. It's
#    purpose is to protect against data corruption from
#    failing disks or network communication failures.
#    It may also detect tampering by simpler forms of virii.
#
#  * If the web site stops serving the public key file,
#    it's a strong indication to the user that the
#    plugin is no longer maintained, and should no longer
#    be used.
#
#  * LCDHost may be configured by the user to automatically
#    load plugins that validate successfully. That's just
#    more convenient.
#
#  * The LCDHost auto-updater will automatically reload 
#    updated plugins that validate successfully.
#
# What it does:
#
#  * SignPlugin computes a SHA-1 hash of the shared library
#    excluding the actual RSA signature bit (which is taken
#    as all-zeroes). Since the public key URL is stored 
#    inside library (but outside the RSA signature), it too
#    is included in that SHA-1 hash.
#
#  * It then signs that hash with the private key (which must 
#    be a 2048 bit RSA key) and writes the RSA signature into 
#    it's place in the library.
#
#  * LCDHost does the reverse. It reads the public key URL
#    from the library, computes the SHA-1 as above, downloads 
#    the public key and then verifies the embedded signature.
#
# What you need:
#
#  * Path to the SignPlugin executable directory. This'll be 
#    where you installed LCDHost. On OS/X, it will be inside 
#    the bundle at LCDHost.app/Contents/MacOS/. If not set,
#    we'll try to look it up.
#
#  * A private key and public file in 2048-bit RSA format.
#    These can be generated by SignPlugin. Just start it
#    without parameters and you'll get a dialog.
#
#  * A publicly accessible web site to store the public 
#    key file.
#
# How you use it:
#
#  * Set the qmake variables listed below and include this
#    file into your qmake project file or into your
#    PluginsConfig.prf.
#
# Variables used in this file:
#
#  * SIGNPLUGIN is the path to where the LCDHost SignPlugin
#    executableis. This'll be where you installed LCDHost.
#    On OS/X, it will be inside the bundle at
#    LCDHost.app/Contents/MacOS/SignPlugin.
#
#  * SIGNATURE_PRIVATE_FILE is the fully qualified filename 
#    of the file containing the private key data. Store it 
#    outside the repository to be on the safe side.
#
#  * SIGNATURE_PUBLIC_URL is the URL where the public key
#    can be downloaded by users.
#
#  * SIGNATURE_SWITCHES are extra command line parameters
#    to SignPlugin. Usually not set or left blank. See below.
#
# SignPlugin command line parameters:
#
#  -c   Change directory.
#       SignPlugin will change the current directory to where
#       the SignPlugin executable is located.
#
#  -o   Offline mode.
#  	SignPlugin won't check that the public key is 
#       actually at that URL or that it matches the 
#       private key data. I don't recommend this until
#       you're sure everything is in place and checks out.

contains( TEMPLATE, lib ):!isEmpty(SIGNATURE_PRIVATE_FILE) {

    win32:isEmpty(SIGNPLUGIN) {
        SYSTEM_CMD = $$quote(reg query \"HKEY_CURRENT_USER\\SOFTWARE\\Link Data\\LCDHost\" /v \"installPath\")
        SYSTEM_RET = $$system($${SYSTEM_CMD})
        FORLOOP=4 5 6 7 8 9
        for(i,FORLOOP) {
            MEMBER=$$member(SYSTEM_RET,$${i})
            !isEmpty(MEMBER): SIGNPLUGIN+=$$MEMBER
        }
        isEmpty(SIGNPLUGIN):error("can't find LCDHost install location in registry, set SIGNPLUGIN manually")
        SIGNPLUGIN=$$SIGNPLUGIN$$quote(\\SignPlugin.exe)
        # message("SignPlugin.pri: Using" $$SIGNPLUGIN)
    }

    isEmpty(SIGNPLUGIN): error("SignPlugin.pri: you need to set SIGNPLUGIN first")
    !exists($$SIGNPLUGIN): error("SignPlugin.pri: the file given by SIGNPLUGIN doesn't seem to exist:" $$SIGNPLUGIN)
    !exists($$SIGNATURE_PRIVATE_FILE): error("SignPlugin.pri: private key file not found:" $$SIGNATURE_PRIVATE_FILE)
    QMAKE_POST_LINK = \
        $$SIGNPLUGIN -c $$SIGNATURE_SWITCHES \
        $$SIGNATURE_PRIVATE_FILE \
        $$SIGNATURE_PUBLIC_URL \
        $$DESTDIR/$$TARGET
}
